WP-Safety

PixRem – Unused Image Cleaner Security & Risk Analysis

wordpress.org/plugins/pixrem

Find and delete unused images in your Media Library. Backup, restore, whitelist, and scan support for all major page builders.

20 active installs v1.0.3 PHP 7.2+ WP 5.4+ Updated Sep 22, 2025
image-optimizermedia-cleanermedia-libraryremove-imagesunused-images
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is PixRem – Unused Image Cleaner Safe to Use in 2026?

Generally Safe

Score 100/100

PixRem – Unused Image Cleaner has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7mo ago
Risk Assessment

The "pixrem" v1.0.3 plugin exhibits a mixed security posture. On the positive side, it demonstrates good practices in output escaping, with 93% of outputs being properly escaped, and has a history entirely free of known vulnerabilities (CVEs). The plugin also includes a reasonable number of nonce and capability checks (11 and 10 respectively). However, a significant concern arises from its attack surface, with 10 AJAX handlers identified, of which a substantial 7 lack authentication checks. This creates a notable entry point for potential unauthorized actions. Furthermore, the presence of the `unserialize` function is a critical red flag, as it can lead to remote code execution if user-controlled data is passed to it without proper sanitization. While taint analysis found no critical or high severity unsanitized flows, the combination of numerous unprotected AJAX endpoints and the `unserialize` function represents a tangible risk that could be exploited by an attacker to achieve arbitrary code execution or perform unauthorized actions on the WordPress site.

Key Concerns

  • Unprotected AJAX handlers
  • Dangerous unserialize function present
Vulnerabilities
None known

PixRem – Unused Image Cleaner Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

PixRem – Unused Image Cleaner Release Timeline

v1.0.3Current
Code Analysis
Analyzed Mar 16, 2026

PixRem – Unused Image Cleaner Code Analysis

Dangerous Functions
1
Raw SQL Queries
4
2 prepared
Unescaped Output
3
40 escaped
Nonce Checks
11
Capability Checks
10
File Operations
4
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

unserialize$unserialized = @unserialize($value);includes\scan-functions.php:11

SQL Query Safety

33% prepared6 total queries

Output Escaping

93% escaped43 total outputs
Data Flows · Security
All sanitized

Data Flow Analysis

2 flows
pixrem_ajax_scan_batch (includes\scan-functions.php:176)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
7 unprotected

PixRem – Unused Image Cleaner Attack Surface

Entry Points10
Unprotected7

AJAX Handlers 10

authwp_ajax_pixrem_restore_backupincludes\backup-handler.php:144
authwp_ajax_pixrem_delete_imageincludes\delete-limit.php:46
authwp_ajax_pixrem_delete_all_imagesincludes\delete-limit.php:86
authwp_ajax_pixrem_restore_imageincludes\restore-handler.php:10
authwp_ajax_pixrem_scan_batchpixrem.php:85
authwp_ajax_pixrem_get_unusedpixrem.php:86
authwp_ajax_pixrem_delete_imagepixrem.php:87
authwp_ajax_pixrem_restore_backuppixrem.php:88
authwp_ajax_pixrem_delete_all_imagespixrem.php:89
authwp_ajax_pixrem_set_used_idspixrem.php:132
WordPress Hooks 10
actionadmin_enqueue_scriptsadmin\admin-assets.php:42
actionadmin_menuadmin\admin-page.php:26
actionadmin_enqueue_scriptsadmin\admin-page.php:28
actionpixrem_before_deleteincludes\backup-handler.php:228
actionadmin_menuincludes\logs-manager.php:188
actionadmin_initincludes\whitelist-manager.php:28
actionadmin_menuincludes\whitelist-manager.php:43
actiondelete_attachmentpixrem.php:54
actionadmin_enqueue_scriptspixrem.php:59
actionplugins_loadedpixrem.php:197
Maintenance & Trust

PixRem – Unused Image Cleaner Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedSep 22, 2025
PHP min version7.2
Downloads394

Community Trust

Rating0/100
Number of ratings0
Active installs20
Alternatives

PixRem – Unused Image Cleaner Alternatives

Unattached Media Manager

Unattached Media Manager

unattached-media-manager

A
100

Fix the WordPress Unattached media filter. Automatically attach used media files to their posts so you can safely clean up your library.

30 No CVEs
MA Smart Image Cleaner

MA Smart Image Cleaner

ma-smart-image-cleaner

A
100

Safely find and clean unused images in your WordPress Media Library without breaking your website.

10 No CVEs
Oli Media Cleaner

Oli Media Cleaner

oli-media-cleaner

A
100

Scan and remove unused media files from your WordPress site to free up disk space.

10 No CVEs
Unused Media Scan & Delete

Unused Media Scan & Delete

unused-media-scanner

A
100

Scan and delete unused media

10 No CVEs
Assetbroom – Unused Media & Duplicate Image Cleaner

Assetbroom – Unused Media & Duplicate Image Cleaner

assetbroom-media-cleaner

A
100

Detect unused images, duplicate media files, and safely clean your WordPress media library without breaking your website.

0 No CVEs
Developer Profile

PixRem – Unused Image Cleaner Developer Profile

OM Media

1 plugin · 20 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect PixRem – Unused Image Cleaner

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pixrem/admin/js/progress.js/wp-content/plugins/pixrem/assets/css/style.css
Script Paths
/wp-content/plugins/pixrem/admin/js/progress.js

HTML / DOM Fingerprints

Data Attributes
pixremAjax
JS Globals
pixremAjax
FAQ

Frequently Asked Questions about PixRem – Unused Image Cleaner